CVE-2026-4039 | OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides code injection (GHSA-82g8-464f-2mv7)

Inserito da Angelo Barbosa | Mar 12, 2026 | CVE

A vulnerability was found in OpenClaw 2026.2.19-2. It has been declared as critical. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection.

This vulnerability is registered as CVE-2026-4039. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-4039 | OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides code injection (GHSA-82g8-464f-2mv7)

Post correlati

CVE-2023-32848 | MediaTek MT6885 vdec out-of-bounds write (ALPS08163896)

CVE-2023-38012 | IBM Cloud Pak System up to 2.3.4.0 URL path traversal

CVE-2025-27019 | Infinera MTC-9 up to 22.x Remote Shell Service missing authentication

CVE-2023-35022 | IBM InfoSphere Information Server 11.7 improper authorization (XFDB-258254)